cron.weekly issue #78: octodns, SSH, grsecurity, postal, nginx, cgroups, vim & more


cron.weekly is a newsletter about Linux, open source & webdevelopment.

Mattias Geniar, April 30, 2017


Welcome to cron.weekly issue #78 for Sunday, April 30th, 2017.

Lots of good links in this release again, plenty of variation to keep you entertained. Enjoy!

News

How SSH port became 22

A bit of Unix trivia here, as the original author of the SSH protocol explains why port 22 was chosen and how it got to be approved as the official port, by IANA.

AMD Ryzen benchmarks on Linux

AMD seems to be really making a comeback with its Ryzen CPUs. This post looks at how they perform when run on a Linux system, comparing both single-threaded and multithreaded performance.

PATH_MAX Is Tricky

In Linux, there’s a limit to how long a “path” can be. Since directories contain other directories, a file path could, in theory, be millions of directories deep. The PATH_MAX limit caps it, though, and this post explains why it’s there, the caveats and how to handle those.

Envoy: 7 months later

The team at Lyft (Uber rival) looks back at their Envoy announcement, an L7 proxy and communication bus (also known as a “service mesh”, like linkerd). Nice bit of history & future plans for the project.

grsecurity stops support for open source release

Grsecurity offered kernel hardening & security guarantees, but is now stopping the support of their open source project. It’ll continue to operate, but in a closed source way only, unless the community keeps up maintenance. Funny how the parent company is still named “Open Source Security Inc.”.

Instead of containerization, give me strong config & deployment primitives

Lots of points here from the author on what proper configurations can achieve vs. containers, and how the benefits of strong configs outweigh some of the downsides of those containers.

Estimating CPU Per Query With Weighted Linear Regression

It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

dnsdiag

A set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.

JMAP

JMAP is intended to be a new standard for email clients to connect to mail stores. It therefore intends to primarily replace IMAP + SMTP submission. It is also designed to be more generic such that it can be extended with contacts, calendars in the future (replacing CardDAV/CalDAV). It does not replace MTA-to-MTA SMTP transmission.

linkerd 1.0

The first stable release of linkerd, a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable.

mush

This tool offers mustache templates for Bash, allowing you to more easily template scripts & content in Bash.

postal

Postal is a complete and fully featured mail server for use by websites & web servers. Think Sendgrid, Mailgun or Postmark but open source and ready for you to run on your own servers.

nginx 1.13

This new release brings support for TLSv1.3 and a convenient feature: when nginx logs a signal it received, it now also logs the PID of the process that sent the signal.

Linux Malware Detect (lmd)

Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems.

Postgresql multi-master

Multi-master is an extension and set of patches to a Postgres database, that turns Postgres into a synchronous shared-nothing cluster to provide OLTP scalability and high availability with automatic disaster recovery.

octodns

OctoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.

sslsecure.vim

Highlight insecure SSL/TLS cipher suites and protocols as errors in your editor.

Guides & Tutorials

Reproducing Go binaries byte-by-byte

This post explains why reproducible builds are important and goes on to show how to make it happen, using rclone (CLI sync tool) as an example. There’s some Linux, Docker & Go in this post for everyone.

How to switch to Vim without ruining your workflow

Some practical tips for trying to better understand & use the vim editor, like making it the default editor in your terminal, learning the different modes & quick shortcuts for easy navigation.

What’s new with RHEL 7 CGroups?

RHEL7 (and thus, CentOS 7) has been out for a while now. This post provides lots of links to further explore cgroups, to further separate CPU/memory/network/disk resources in namespaces.

Running Mastodon

This guide gets you started running your own Mastodon instance on a Digital Ocean VM, but it’ll work on pretty much any Linux provider & flavor.

TCP/UDP Load Balancing with NGINX: Overview, Tips, and Tricks

A deep-dive into the features of the TCP and UDP load balancer in Nginx, covering hash algorithms, failovers, weighted load balancing, handling timeouts, performing health checks, etc.

Two Objects not Namespaced by the Linux Kernel

Not everything is namespaced in the kernel; this post shows which 2 objects aren’t. No tl;dr here, click through to find out! 😉

How To Measure MySQL Query Performance with mysqlslap

MySQL comes with a handy little diagnostic tool called mysqlslap that’s been around since version 5.1.4. It’s a benchmarking tool that can help DBAs and developers load test their database servers. This post gives you the steps to use it.

Videos

Why UNIX has short command names

This video only takes 35 seconds and I won’t spoil the answer. Go view. 🙂


